PT-2019-17966 · Php Scripts Mall · Php Scripts Mall Advance Peer To Peer Mlm Script

Published

2019-01-11

Updated

2020-08-24

CVE-2019-6126

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP Scripts Mall Advance Peer to Peer MLM Script version 1.7.0

Description The issue allows remote attackers to bypass intended access restrictions. This can be achieved by directly navigating to "admin/dashboard.php" or "admin/user.php", resulting in the disclosure of information about users and staff.

Recommendations For PHP Scripts Mall Advance Peer to Peer MLM Script version 1.7.0, consider restricting access to the "admin/dashboard.php" and "admin/user.php" endpoints to minimize the risk of exploitation. Additionally, review and implement proper access controls to prevent unauthorized access to sensitive information.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-425

Related Identifiers

CVE-2019-6126

Affected Products

Php Scripts Mall Advance Peer To Peer Mlm Script

PT-2019-17966 · Php Scripts Mall · Php Scripts Mall Advance Peer To Peer Mlm Script

CVE-2019-6126

Weakness Enumeration

Related Identifiers

Affected Products

References · 3